Lucene search
+L

60 matches found

NVD
NVD
added 2025/06/17 7:15 p.m.12 views

CVE-2025-49487

An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services WFBSS agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in...

6.8CVSS0.00244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/11 12:0 a.m.11 views

PT-2025-25273 · Trend Micro · Trend Micro Worry-Free Business Security Services

Name of the Vulnerable Software and Affected Versions: Trend Micro Worry-Free Business Security Services WFBSS SaaS client version affected versions not specified Description: The issue is related to an uncontrolled search path vulnerability in the WFBSS agent, which could allow an attacker with...

6.8CVSS6.8AI score0.00244EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 6:2 a.m.5 views

CVE-2023-28640

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

6.4CVSS6.7AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:17 a.m.13 views

CVE-2019-6656

BIG-IP APM Edge Client before version 7.1.8 7180.2019.508.705 logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM...

7.5CVSS6.9AI score0.01356EPSS
Exploits0References1
OSV
OSV
added 2025/03/27 10:18 p.m.4 views

CVE-2025-2885 Root metadata version not validated in tough

Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or later and ensure...

5.7CVSS6.1AI score0.00307EPSS
Exploits0References6
CVE
CVE
added 2025/03/07 3:13 p.m.2897 views

CVE-2025-27152

CVE-2025-27152 affects axios, a promise-based HTTP client for browser and Node.js. The issue occurs when passing absolute URLs (not protocol-relative) to axios; even if baseURL is set, requests may be sent to the absolute URL, enabling SSRF and potential credential leakage for both server-side an...

8.7CVSS6.9AI score0.00759EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/02/27 12:0 a.m.46 views

CVE-2024-53408

The set of connected records confirms CVE-2024-53408 affects AVE System Web Client, version 2.1.131.13992, with a cross-site scripting (XSS) vulnerability. The core detail available across sources is the existence of an XSS flaw in AVE System Web Client v2.1.131.13992; no explicit root-cause tech...

5.4CVSS6.3AI score0.0026EPSS
Exploits0References1
Snyk
Snyk
added 2024/06/06 2:26 p.m.4 views

Observable Timing Discrepancy

Overview Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the handling of RSA premaster secrets when an invalid secret is received. An attacker can potentially observe timing differences by exploiting the additional processing performed when the premaster...

3.7CVSS6.9AI score
Exploits0References2
Veracode
Veracode
added 2023/04/04 8:5 a.m.18 views

Information Disclosure

io.apiman: apiman-manager-api-rest-impl is vulnerable to Information Disclosure. An authenticated attacker is able to gain access to API keys they do not have permission for if they correctly guess the URL which includes Organisation ID, Client ID, and Client Version. Access to the non-permitted...

6.4CVSS4.7AI score0.0034EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/03/27 9:15 p.m.19 views

Design/Logic Flaw

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

2.1CVSS4AI score0.0034EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/03/27 8:46 p.m.48 views

CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

6.4CVSS6.6AI score0.0034EPSS
Exploits0References2
OSV
OSV
added 2023/03/27 8:46 p.m.35 views

CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

6.4CVSS4.8AI score0.0034EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.11 views

PT-2023-21868 · Apiman · Apiman

Name of the Vulnerable Software and Affected Versions: Apiman versions prior to 3.1.0.Final Description: Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may gain access to API keys they do not have permission for if they correctly guess the URL, which...

6.4CVSS4.5AI score0.0034EPSS
Exploits0References7
Citrix
Citrix
added 2022/10/26 12:0 a.m.10 views

DNS resolution issue with new 13.0.86.17 client

ADC version 13.0.86.17, with 'Citrix Secure Access' VPN client the same version, shows as version 22.2.1.103 in the client. The old client was 13.0.58.30 shown as 21.3.1.2 1. Some users report that on the new client they cannot resolve any DNS record...

7.1AI score
Exploits0
OSV
OSV
added 2022/09/06 9:15 p.m.5 views

CVE-2022-38176

An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as...

7.8CVSS5.8AI score0.00362EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.8 views

YSoft SAFEQ 6 安全漏洞

YSoft SAFEQ 6 is an Enterprise Print Management Suite solution platform from YSoft Czech Republic. A security vulnerability exists in YSoft SAFEQ 6 versions prior to 6.0.72, which stems from incorrect permissions being configured as part of the installer package for the Client V3 service, and can...

7.8CVSS7.3AI score0.00362EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.5 views

PT-2022-24258 · Ysoft · Y Soft Safeq

Name of the Vulnerable Software and Affected Versions: YSoft SAFEQ versions prior to 6.0.72 Description: An issue in YSoft SAFEQ allows for local user privilege escalation. This is due to incorrect privileges configured as part of the installer package for the Client V3 services, enabling an...

7.8CVSS7.1AI score0.00362EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2021/08/18 4:0 p.m.43 views

CVE-2021-32728

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...

6.5CVSS6.2AI score0.00851EPSS
Exploits1
Intel
Intel
added 2021/06/08 12:0 a.m.25 views

Intel Unite® Client for Windows Advisory

Summary: Potential security vulnerabilities in the Intel Unite® Client for Windows may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2021-0112 Description: Unquoted service path in the Intel UniteR...

7.8CVSS7.8AI score0.00255EPSS
Exploits0
CNVD
CNVD
added 2021/03/02 12:0 a.m.55 views

OwnCloud Injection Vulnerability

OwnCloud is a suite of personal cloud storage solutions from OwnCloud USA. An injection vulnerability exists in OwnCloud client versions prior to 2.7, which can be exploited by an attacker to load development plugins from certain directories using the desktop client...

7.8CVSS6.9AI score0.00773EPSS
Exploits0References1
Rows per page
Query Builder